US11777957B2 - Method for detecting malicious attacks based on deep learning in traffic cyber physical system - Google Patents

Method for detecting malicious attacks based on deep learning in traffic cyber physical system Download PDF

Info

Publication number
US11777957B2
US11777957B2 US16/703,089 US201916703089A US11777957B2 US 11777957 B2 US11777957 B2 US 11777957B2 US 201916703089 A US201916703089 A US 201916703089A US 11777957 B2 US11777957 B2 US 11777957B2
Authority
US
United States
Prior art keywords
data
rbm
deep learning
malicious
training
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US16/703,089
Other versions
US20200106788A1 (en
Inventor
Yuanfang CHEN
Ting Wu
Hengli YUE
Chengnan HU
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dianzi University
Original Assignee
Hangzhou Dianzi University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dianzi University filed Critical Hangzhou Dianzi University
Publication of US20200106788A1 publication Critical patent/US20200106788A1/en
Assigned to HANGZHOU DIANZI UNIVERSITY reassignment HANGZHOU DIANZI UNIVERSITY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHEN, Yuanfang, HU, Chengnan, WU, TING, YUE, Hengli
Application granted granted Critical
Publication of US11777957B2 publication Critical patent/US11777957B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • G06N20/20Ensemble learning
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/044Recurrent networks, e.g. Hopfield networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/047Probabilistic or stochastic networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/0499Feedforward networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/084Backpropagation, e.g. using gradient descent
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/088Non-supervised learning, e.g. competitive learning
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/0895Weakly supervised learning, e.g. semi-supervised or self-supervised learning
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/09Supervised learning
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/01Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/128Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware

Definitions

  • the present application relates to detection with transportation cyber-physical systems (TCPS), and more particularly to a method for detecting a malicious attack based on deep learning in an TCPS.
  • TCPS transportation cyber-physical systems
  • Transportation cyber-physical physical system (TCPS), as a specific application of cyber-physical system (CPS) in transportation, is a key technology for the development of the next generation intelligent transportation system (ITS).
  • a mobile vehicle and a traffic sensor transmit traffic condition information to a traffic controller via a wireless communication medium.
  • the TCPS Due to the open nature of wireless communication, the TCPS is extremely vulnerable to security attacks, such as eavesdropping and tampering, which leads to serious traffic accidents and great loss of life and property.
  • Some advanced attacks can even adjust a strategy according to the features of the transmission of the information to maximize the negative impact on wireless communications.
  • Most methods rely on the features of a network protocol of TCPS to perform detection and not match importance to the data itself, and thus hardly find out new types of malicious behaviors; Moreover, malicious behaviors have increasing camouflage and complexity, or some malicious behaviors even change, making it even harder to find out.
  • the object of the present application is to provide a method for detecting a malicious attack based on deep learning in a TCPS.
  • the method of the present invention includes the following steps:
  • the present invention uses a deep learning method to extract and learn the behavior of a program in a TCPS, and detect a malicious attack according to the learning result; therefore, the present invention can effectively identify malicious attacks in the TCPS, reduce the possibility of being vulnerable to security attacks due to an open nature of wireless communication, and accurately identify a malware and an unknown malicious attack, thus achieving the effect of detecting and preventing malicious attacks.
  • the deep learning method is very suitable for mining data with large data volume. Increasing the data volume of the data set can further improve the performance of the model, while general machine learning algorithms do not have the advantage of significantly improving the results of the algorithm by increasing the amount of data.
  • the present invention can overcome the problem that a traditional identification method can not accurately identify malicious attack or identify unknown malicious attacks, and realize the identification of malicious attacks in the TCPS.
  • FIG. 1 is a flow chart of a method for detecting a malicious attach based on deep learning in a transportation cyber-physical system according to the invention.
  • TCPS transportation cyber-physical system
  • Step 1 A feature of data flow was extracted from a TCPS: a malicious data flow and a normal data flow were collected from a TCPS, and were organized into a general network frame format. Irrelevant data was removed, and features related to malicious attacks were extracted, and divided according to a frame structure into bytes as an original feature data.
  • a total of 1000 pieces of data including 500 malicious data and 500 normal data were used.
  • the 500 pieces of normal data were data flow acquired from the Controller Area Network (CAN) bus under a normal state of a vehicle, and the 500 pieces of data were data flow acquired from the CAN bus in the case of Denial-of-Service (DoS) attack, Fuzzy attack and Spoofing attack, and then the acquired data flow was organized into a general CAN message format, and irrelevant data such as frame header, end of frame, check digit, arbitration bit, etc. was removed.
  • DoS Denial-of-Service
  • Fuzzy attack and Spoofing attack Fuzzy attack and Spoofing attack
  • Remote frames and data frames related to malicious attacks were extracted as features of remote and data frames, and the features were divided in units of bytes to obtain original feature data.
  • Step 2 The original feature data of the CAN bus behavior in step 1 was cleaned and encoded.
  • the original feature data of step 1 was cleaned to remove meaningless data and process empty frame; the feature data was encoded after cleaned into classification values using one-hot encoding to construct a feature vector table.
  • Step 3 The feature data obtained in step 2 was selected to obtain key features: according to feature importance in a random forest model, the key features ware selected to distinguish a malicious attack behavior from a normal behavior.
  • the selected key features were divided into labeled data and unlabeled data to serve as training data of a deep learning model.
  • Step 4 The key features obtained in step 3 were learned to establish the deep learning model, which is performed as follows:
  • each of hidden layers was calculated using the BP algorithm to obtain an output of each of the hidden layers; an error of the algorithm was calculated by taking a Softmax layer as an output layer and Cross-Entropy as a cost function, and if there was an error, the error was reversely transmitted from the output layer to an input layer, and a weight of the neurons was adjusted; a total error was repeatedly iterated using gradient descent algorithm (SGD) until the total error met a requirement or a training period ended.
  • SGD gradient descent algorithm
  • Step 5 Unknown behavior data to be identified was input into the deep learning model trained in step 4 to perform feature recognition, and finally the output of the deep learning model was mapped into an interval of 0-1 using a Softmax classifier of the output layer to obtain the probability of each frame data flow of being malicious behavior and normal behavior.
  • a malicious or a normal sample is determined by a category with maximum probability, and if the number of the malicious samples predicted was greater than 1, a malicious attack exists in the unknown data. The greater number of the identified malicious samples indicates the higher probability of the CAN bus of being maliciously attacked.
  • the precision of the model based on deep learning of the present invention is 12.61% higher than that of the Softmax regression algorithm, 5.76% higher than that of tree algorithm, 3.20% higher than that of the support vector machine algorithm, 2.61% higher than that of the random forest algorithm, and the accuracy of the model was improved by 6% on average, indicating that the method of the invention was more accurate and efficient than the general machine learning.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Physics (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Molecular Biology (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Probability & Statistics with Applications (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

Disclosed is a method for detection a malicious attack based on deep learning in a transportation cyber-physical system (TCPS), comprising: extracting original feature data of a malicious data flow and a normal data flow from a TCPS; cleaning and coding original feature data; selecting key features from the feature data; cleaning and coding the key features to establish a deep learning model; finally, inputing unknown behavior data to be identified into the deep learning model to identify whether the data is malicious data, thereby detecting a malicious attack. The present invention uses a deep learning method to extract and learn the behavior of a program in a TCPS, and detect the malicious attack according to the deep learning result, and effectively identify the malicious attack in the TCPS.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This application is a continuation of International Application No. PCT/CN2018/083450 with a filling date of Apr. 18, 2018, designating the United states, now pending, and further claims to the benefit of priority from Chinese Patent Application No. 201810062032.2, filed on Jan. 23, 2018. The content of the aforementioned application, including any intervening amendments thereto, is incorporated herein by reference in its entirety.
TECHNICAL FIELD
The present application relates to detection with transportation cyber-physical systems (TCPS), and more particularly to a method for detecting a malicious attack based on deep learning in an TCPS.
BACKGROUND
Transportation cyber-physical physical system (TCPS), as a specific application of cyber-physical system (CPS) in transportation, is a key technology for the development of the next generation intelligent transportation system (ITS).
In the TCPS, a mobile vehicle and a traffic sensor transmit traffic condition information to a traffic controller via a wireless communication medium. Due to the open nature of wireless communication, the TCPS is extremely vulnerable to security attacks, such as eavesdropping and tampering, which leads to serious traffic accidents and great loss of life and property. Some advanced attacks can even adjust a strategy according to the features of the transmission of the information to maximize the negative impact on wireless communications. At present, there are limited methods of effectively detecting malicious attacks. Most methods rely on the features of a network protocol of TCPS to perform detection and not match importance to the data itself, and thus hardly find out new types of malicious behaviors; Moreover, malicious behaviors have increasing camouflage and complexity, or some malicious behaviors even change, making it even harder to find out.
SUMMARY
The object of the present application is to provide a method for detecting a malicious attack based on deep learning in a TCPS.
The method of the present invention includes the following steps:
    • 1) extracting a feature of data flow from a TCPS: collecting malicious data flow and normal data flow from a TCPS, organizing the collected malicious data flow and the normal data flow into a general network frame format, removing irrelevant data, extracting features related to malicious attacks, and dividing the features according to a frame structure into bytes as original feature data;
    • 2) cleaning and encoding the original feature data in step 1: cleaning the original feature data in step 1 to remove meaningless data and process missing data; encoding the cleaned feature data into classification values using one-hot encoding to construct a feature vector table;
    • 3) selecting key features from the feature data obtained in step 2: according to feature importance in a random forest model, selecting key features that distinguish a malicious attack behavior from a normal behavior; dividing the selected key features into labeled data and unlabeled data to serve as training data of a deep learning model;
    • 4) learning the key features obtained in step 3 to establish a deep learning model:
    • i) performing a pre-training process without supervision of a Restriction Boltzmann Machine (RBM): initializing the RBM layers according to parameters such as the number of layers or neurons of the RBM; inputting the unlabeled feature data obtained in step 3 into the RBM; individually training the RBM layer by layer without supervision; after fully trained, outputting a trained RBM layer as an input of a next RBM layer, and then training the next RBM layer until all training data are fully learned; wherein
    • the training process without supervision is as follows:
    • feature vectors are sampled using Contrastive Divergence with k steps (CD-k) without supervision, and RBM parameters are updated; RBM training error is evaluated using mean square error (MSE); gradient descent algorithm (SGD) is used to perform multiple iteration until RBM training meets a requirement or a training period ends; and
    • ii) performing a fine-tuning process using back propagation (BP) algorithm with supervision: inputting an output of a last RBM layer to a BP fine-tuning network; inputting the labeled data obtained in step 3, and fine-tuning the deep learning model using BP algorithm, reversely adjusting a weight of the BP fine-tuning network by a feedback mechanism of the BP fine-tuning until an optimal model is obtained; wherein
    • each of hidden layers is calculated using the BP algorithm to obtain an output of each of the hidden layers; an error of the algorithm is calculated by taking a Softmax layer as an output layer and Cross-Entropy as a cost function, if there is an error, the error is reversely transmitted from the output layer to an input layer, and a weight of the neurons is adjusted; a total error is repeatedly iterated using gradient descent algorithm (SGD) until the total error meets a requirement or a training period ends;
    • 5) inputting unknown behavior data to be identified into the deep learning model trained in step 4 to perform feature recognition, finally mapping the output of the deep learning model into an interval of 0-1 using a Softmax classifier of the output layer to obtain various types of probabilities, determining whether a category with a maximum probability category is a malicious or a normal sample, and if the number of the malicious samples predicted is greater than 1, a malicious attack exists in the unknown data; The greater number of the malicious samples identified indicates the higher probability of being maliciously attacked in a TCPS.
The present invention uses a deep learning method to extract and learn the behavior of a program in a TCPS, and detect a malicious attack according to the learning result; therefore, the present invention can effectively identify malicious attacks in the TCPS, reduce the possibility of being vulnerable to security attacks due to an open nature of wireless communication, and accurately identify a malware and an unknown malicious attack, thus achieving the effect of detecting and preventing malicious attacks. In addition, there is a huge amount of information in the TCPS, and the deep learning method is very suitable for mining data with large data volume. Increasing the data volume of the data set can further improve the performance of the model, while general machine learning algorithms do not have the advantage of significantly improving the results of the algorithm by increasing the amount of data. For the data itself, the present invention can overcome the problem that a traditional identification method can not accurately identify malicious attack or identify unknown malicious attacks, and realize the identification of malicious attacks in the TCPS.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a flow chart of a method for detecting a malicious attach based on deep learning in a transportation cyber-physical system according to the invention.
 DETAILED DESCRIPTION OF EMBODIMENTS
As shown in FIG. 1 , provided is a method for detecting a malicious attack based on deep learning in a transportation cyber-physical system (TCPS) as described below.
Step 1: A feature of data flow was extracted from a TCPS: a malicious data flow and a normal data flow were collected from a TCPS, and were organized into a general network frame format. Irrelevant data was removed, and features related to malicious attacks were extracted, and divided according to a frame structure into bytes as an original feature data.
In this embodiment, a total of 1000 pieces of data including 500 malicious data and 500 normal data were used. The 500 pieces of normal data were data flow acquired from the Controller Area Network (CAN) bus under a normal state of a vehicle, and the 500 pieces of data were data flow acquired from the CAN bus in the case of Denial-of-Service (DoS) attack, Fuzzy attack and Spoofing attack, and then the acquired data flow was organized into a general CAN message format, and irrelevant data such as frame header, end of frame, check digit, arbitration bit, etc. was removed. Remote frames and data frames related to malicious attacks were extracted as features of remote and data frames, and the features were divided in units of bytes to obtain original feature data.
Step 2: The original feature data of the CAN bus behavior in step 1 was cleaned and encoded.
The original feature data of step 1 was cleaned to remove meaningless data and process empty frame; the feature data was encoded after cleaned into classification values using one-hot encoding to construct a feature vector table.
Step 3: The feature data obtained in step 2 was selected to obtain key features: according to feature importance in a random forest model, the key features ware selected to distinguish a malicious attack behavior from a normal behavior. The selected key features were divided into labeled data and unlabeled data to serve as training data of a deep learning model.
Step 4: The key features obtained in step 3 were learned to establish the deep learning model, which is performed as follows:
    • i) A pre-training process of a Restriction Boltzmann Machine (RBM) without supervision: the RBM was initialized, and there were two RBM layers and 512 neurons in each layer in this embodiment. The unlabeled CAN bus behavior feature data obtained in step 3 was input into the RBM; each layer of the RBM was trained layer by layer without supervision, and after fully trained, the output of the current RBM layer was used as the input of a next layer of the RBM, and then the next layer of RBM was trained until all training CAN bus behavior characteristic data were fully learned;
    • the training process without supervision was as follows:
    • feature vectors were sampled using CD-k without supervision, and RBM parameters were updated; an RBM training error was evaluated using mean square error (MSE); gradient descent algorithm (SGD) was used to perform multiple iteration until RBM training met a requirement or a training period ended.
    • ii) A fine-tuning process using back propagation (BP) algorithm without supervision: an output of a last RBM layer was used as an input of a BP fine-tuning network; the labeled data obtained from step 3 was input, and the deep learning model was fine-tuned using BP algorithm; a weight of the BP fine-tuning network was adjusted reversely by a feedback mechanism of the BP network until an optimal model was obtained;
specifically, each of hidden layers was calculated using the BP algorithm to obtain an output of each of the hidden layers; an error of the algorithm was calculated by taking a Softmax layer as an output layer and Cross-Entropy as a cost function, and if there was an error, the error was reversely transmitted from the output layer to an input layer, and a weight of the neurons was adjusted; a total error was repeatedly iterated using gradient descent algorithm (SGD) until the total error met a requirement or a training period ended.
Step 5: Unknown behavior data to be identified was input into the deep learning model trained in step 4 to perform feature recognition, and finally the output of the deep learning model was mapped into an interval of 0-1 using a Softmax classifier of the output layer to obtain the probability of each frame data flow of being malicious behavior and normal behavior. A malicious or a normal sample is determined by a category with maximum probability, and if the number of the malicious samples predicted was greater than 1, a malicious attack exists in the unknown data. The greater number of the identified malicious samples indicates the higher probability of the CAN bus of being maliciously attacked.
In order to verify the effectiveness of the method of the present invention, several comparison experiments were carried out based on the CAN bus behavior data set with 10 different data volumes and four conventional machine learning algorithms, namely, decision tree, support vector machine, random forest and Softmax regression algorithm. A comparison on accuracy between the present method and four conventional algorithms was shown in the following table.
Detection Recall F1
method Precision % rate score % AUC % Accuracy %
Decision tree 83% 81% 82% 82% 82%
Softmax 84% 83% 84% 84% 84%
regression
Random forest 86% 87% 86% 87% 87%
Support vector 89% 86% 88% 87% 87%
machine
Deep leaning 93% 90% 91% 91% 91%
detection
It was found that the precision of the model based on deep learning of the present invention is 12.61% higher than that of the Softmax regression algorithm, 5.76% higher than that of tree algorithm, 3.20% higher than that of the support vector machine algorithm, 2.61% higher than that of the random forest algorithm, and the accuracy of the model was improved by 6% on average, indicating that the method of the invention was more accurate and efficient than the general machine learning.

Claims (1)

What is claimed is:
1. A method for detecting a malicious attack based on deep learning in a transportation cyber-physical system (TCPS), comprising:
1) extraction of features of data flow from a TCPS
collecting malicious data flow and normal data flow from a TCPS, organizing the collected malicious data flow and the normal data flow into a general network frame format, removing irrelevant data, extracting features related to malicious attacks, and dividing the features, according to a frame structure, into bytes as original feature data;
2) cleaning and encoding of the original feature data obtained in step 1
cleaning the original feature data in step 1 to remove meaningless data and process missing data; encoding the cleaned feature data into classification values using one-hot encoding to construct a feature vector table;
3) selection of key features from the feature data obtained in step 2
according to feature importance in a random forest model, selecting key features that distinguish a malicious attack behavior from a normal behavior; dividing the selected key features into labeled data and unlabeled data to serve as training data of a deep learning model;
4) learning of the key features obtained in step 3 to establish the deep learning model
i) performing a pre-training process without supervision of a Restriction Boltzmann Machine (RBM): initializing RBM layers according to the number of layers or neurons of the RBM; inputting the unlabeled data obtained in step 3 into the RBM; individually training the RBM layer by layer without supervision; after fully trained, outputting a trained RBM layer as an input of a next RBM layer, and then training the next RBM layer; repeating the training until all training data are fully learned;
wherein the training process without supervision is as follows:
feature vectors are sampled using Contrastive Divergence with k steps (CD-k) without supervision, and RBM parameters are updated; an RBM training error is evaluated using mean square error (MSE); gradient descent algorithm (SGD) is used to perform multiple iteration until RBM training meets a requirement or a training period ends; and
ii) performing a fine-tuning process using back propagation (BP) algorithm with supervision: inputting an output of a last layer of RBM to a BP fine-tuning network; inputting the labeled data obtained in step 3, and fine-tuning the deep learning model using the BP algorithm, reversely adjusting a weight of the BP fine-tuning network by a feedback mechanism of the BP fine-tuning network until an optimal model is obtained; wherein
each of hidden layers is calculated using the BP algorithm to obtain an output of each of the hidden layers; an error of the BP algorithm is calculated by taking a Softmax layer as an output layer and Cross-Entropy as a cost function, if there is an error, the error is reversely transmitted from the output layer to an input layer, and a weight of the neurons is adjusted; a total error is repeatedly iterated using gradient descent algorithm (SGD) until the total error meets a requirement or a training period ends;
5) inputting unknown behavior data to be identified into the deep learning model trained in step 4 to perform feature recognition, finally mapping the output of the deep learning model into an interval of 0-1 using a Softmax classifier of the output layer to obtain various types of probabilities, determining whether a category with a maximum probability is a malicious sample or a normal sample, and if the number of the malicious samples predicted is greater than 1, indicating that the malicious attack exists in the unknown behavior data.
US16/703,089 2018-01-23 2019-12-04 Method for detecting malicious attacks based on deep learning in traffic cyber physical system Active 2040-11-15 US11777957B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201810062032.2A CN108040073A (en) 2018-01-23 2018-01-23 Malicious attack detection method based on deep learning in information physical traffic system
CN201810062032.2 2018-01-23
PCT/CN2018/083450 WO2019144521A1 (en) 2018-01-23 2018-04-18 Deep learning-based malicious attack detection method in traffic cyber physical system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/083450 Continuation WO2019144521A1 (en) 2018-01-23 2018-04-18 Deep learning-based malicious attack detection method in traffic cyber physical system

Publications (2)

Publication Number Publication Date
US20200106788A1 US20200106788A1 (en) 2020-04-02
US11777957B2 true US11777957B2 (en) 2023-10-03

Family

ID=62096493

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/703,089 Active 2040-11-15 US11777957B2 (en) 2018-01-23 2019-12-04 Method for detecting malicious attacks based on deep learning in traffic cyber physical system

Country Status (3)

Country Link
US (1) US11777957B2 (en)
CN (1) CN108040073A (en)
WO (1) WO2019144521A1 (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20240080333A1 (en) * 2022-07-15 2024-03-07 HiddenLayer Inc. Detecting and Responding to Malicious Acts Directed Towards Machine Learning Models
US12107885B1 (en) 2024-04-26 2024-10-01 HiddenLayer, Inc. Prompt injection classifier using intermediate results
US12105844B1 (en) 2024-03-29 2024-10-01 HiddenLayer, Inc. Selective redaction of personally identifiable information in generative artificial intelligence model outputs
US12111926B1 (en) 2024-05-20 2024-10-08 HiddenLayer, Inc. Generative artificial intelligence model output obfuscation
US12130917B1 (en) 2024-05-28 2024-10-29 HiddenLayer, Inc. GenAI prompt injection classifier training using prompt attack structures
US12130943B1 (en) 2024-03-29 2024-10-29 HiddenLayer, Inc. Generative artificial intelligence model personally identifiable information detection and protection
US12174954B1 (en) 2024-05-23 2024-12-24 HiddenLayer, Inc. Generative AI model information leakage prevention
US12229265B1 (en) 2024-08-01 2025-02-18 HiddenLayer, Inc. Generative AI model protection using sidecars
US12248883B1 (en) 2024-03-14 2025-03-11 HiddenLayer, Inc. Generative artificial intelligence model prompt injection classifier
US12293277B1 (en) 2024-08-01 2025-05-06 HiddenLayer, Inc. Multimodal generative AI model protection using sequential sidecars
US12314380B2 (en) 2023-02-23 2025-05-27 HiddenLayer, Inc. Scanning and detecting threats in machine learning models
US12328331B1 (en) 2025-02-04 2025-06-10 HiddenLayer, Inc. Detection of privacy attacks on machine learning models
US12475215B2 (en) 2024-01-31 2025-11-18 HiddenLayer, Inc. Generative artificial intelligence model protection using output blocklist
US12505648B1 (en) 2025-07-07 2025-12-23 HiddenLayer, Inc. Multimodal AI model protection using embeddings
US12549598B2 (en) 2024-08-21 2026-02-10 HiddenLayer, Inc. Defense of multimodal machine learning models via activation analysis

Families Citing this family (72)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108718310B (en) * 2018-05-18 2021-02-26 安徽继远软件有限公司 Deep learning-based multilevel attack feature extraction and malicious behavior identification method
CN108958217A (en) * 2018-06-20 2018-12-07 长春工业大学 A kind of CAN bus message method for detecting abnormality based on deep learning
CN108965340B (en) * 2018-09-25 2020-05-05 网御安全技术(深圳)有限公司 Industrial control system intrusion detection method and system
CN111209998B (en) * 2018-11-06 2023-08-18 航天信息股份有限公司 Training method and device of machine learning model based on data type
CN110659720A (en) * 2019-07-30 2020-01-07 广东工业大学 A CPS data analysis and processing method based on neural network
CN112688901A (en) * 2019-10-18 2021-04-20 厦门雅迅网络股份有限公司 Real-time CAN intrusion detection system of automobile gateway
CN110912909A (en) * 2019-11-29 2020-03-24 北京工业大学 DDOS attack detection method for DNS server
CN111064724B (en) * 2019-12-13 2021-04-06 电子科技大学 Network intrusion detection system based on RBF neural network
CN111107082A (en) * 2019-12-18 2020-05-05 哈尔滨理工大学 An Immune Intrusion Detection Method Based on Deep Belief Networks
CN111191823B (en) * 2019-12-20 2023-06-27 西北工业大学 A production logistics forecasting method based on deep learning
CN111144470B (en) * 2019-12-20 2022-12-16 中国科学院信息工程研究所 Unknown network flow identification method and system based on deep self-encoder
CN111385145B (en) * 2020-03-04 2023-04-25 南京信息工程大学 Encryption flow identification method based on ensemble learning
CN111427541B (en) * 2020-03-30 2022-03-04 太原理工大学 An online random number detection system and method based on machine learning
CN111507385B (en) * 2020-04-08 2023-04-28 中国农业科学院农业信息研究所 Extensible network attack behavior classification method
CN111582440A (en) * 2020-04-15 2020-08-25 马鞍山师范高等专科学校 Data processing method based on deep learning
CN111585997B (en) * 2020-04-27 2022-01-14 国家计算机网络与信息安全管理中心 Network flow abnormity detection method based on small amount of labeled data
US11424941B2 (en) 2020-04-29 2022-08-23 Blackberry Limited Method and system for handling dynamic cybersecurity posture of a V2X entity
CN113673635B (en) * 2020-05-15 2023-09-01 复旦大学 Hand-drawn sketch understanding deep learning method based on self-supervision learning task
CN111723846B (en) * 2020-05-20 2024-01-26 中国人民解放军战略支援部队信息工程大学 Encrypted and compressed traffic identification method and device based on random characteristics
CN111597551B (en) * 2020-05-20 2024-02-27 中国科学技术大学 Protection method for side channel attack aiming at deep learning algorithm
CN111935127B (en) * 2020-08-05 2023-06-27 无锡航天江南数据系统科技有限公司 A malicious behavior detection identification and security encryption device in cloud computing
CN111935153B (en) * 2020-08-11 2022-04-26 北京天融信网络安全技术有限公司 CAN bus-based target message extraction method and device and storage medium
CN112039903B (en) * 2020-09-03 2022-03-08 中国民航大学 Network security situation assessment method based on deep self-coding neural network model
CN112084185B (en) * 2020-09-17 2022-05-31 杭州电子科技大学 Damaged electronic control unit positioning method of vehicle-mounted edge equipment based on associated learning
CN112235264B (en) * 2020-09-28 2022-10-14 国家计算机网络与信息安全管理中心 Network traffic identification method and device based on deep migration learning
CN114429166B (en) * 2020-10-29 2024-11-15 中移动信息技术有限公司 Method, device, equipment and computer storage medium for obtaining high-dimensional features of data
CN112560079B (en) * 2020-11-03 2024-04-19 浙江工业大学 Hidden false data injection attack method based on deep belief network and migration learning
CN112307472B (en) * 2020-11-03 2024-06-18 平安科技(深圳)有限公司 Abnormal user identification method, device and computer equipment based on intelligent decision-making
CN112330632B (en) * 2020-11-05 2023-05-02 绍兴聚量数据技术有限公司 Digital photo camera fingerprint attack detection method based on countermeasure generation network
KR102372934B1 (en) * 2020-11-19 2022-03-10 재단법인대구경북과학기술원 Cyber-physical system for detecting pole-dynamics attack
CN112395810B (en) * 2020-11-20 2024-03-26 大连海洋大学 Fish attack behavior quantification method and device based on artificial neural network and storage medium
CN112417451B (en) * 2020-11-20 2022-04-12 复旦大学 Malicious software detection method adaptive to intelligent chip hierarchical architecture and based on deep learning
CN112464234B (en) * 2020-11-21 2024-04-05 西北工业大学 Malicious software detection method based on SVM on cloud platform
CN112434743B (en) * 2020-11-27 2025-02-21 国网江苏省电力有限公司检修分公司 Fault identification method based on time domain waveform image of partial discharge of GIL metal particles
CN112883373A (en) * 2020-12-30 2021-06-01 国药集团基因科技有限公司 PHP type WebShell detection method and detection system thereof
CN112883995B (en) * 2020-12-30 2024-07-30 华北电力大学 Malicious behavior identification method and device for closed source power industrial control system based on ensemble learning
CN112989354A (en) * 2021-01-27 2021-06-18 中标软件有限公司 Attack detection method based on neural network and focus loss
CN112905717A (en) * 2021-02-25 2021-06-04 北方工业大学 Public safety data distribution method and device
CN113079158B (en) * 2021-04-01 2022-01-11 南京微亚讯信息科技有限公司 Network big data security protection method based on deep learning
CN113206859B (en) * 2021-05-17 2022-03-15 北京交通大学 Detection method and system for low-rate DDoS attack
CN113240113B (en) * 2021-06-04 2024-05-28 北京富通东方科技有限公司 A method to enhance the robustness of network prediction
CN113378990B (en) * 2021-07-07 2023-05-05 西安电子科技大学 Flow data anomaly detection method based on deep learning
CN113656798B (en) * 2021-07-09 2023-09-05 北京科技大学 A regularization recognition method and device for malware label flipping attack
CN113572783A (en) * 2021-07-30 2021-10-29 成都航空职业技术学院 Network intrusion detection method based on attack sharing loss and deep neural network
CN113612786B (en) * 2021-08-09 2023-04-07 上海交通大学宁波人工智能研究院 Intrusion detection system and method for vehicle bus
CN113746813B (en) * 2021-08-16 2022-05-10 杭州电子科技大学 Network attack detection system and method based on two-stage learning model
CN113660273B (en) * 2021-08-18 2023-06-02 国家电网公司东北分部 Intrusion detection method and device based on deep learning under super fusion architecture
CN113691562B (en) * 2021-09-15 2024-04-23 神州网云(北京)信息技术有限公司 Rule engine implementation method for accurately identifying malicious network communication
CN113885330B (en) * 2021-10-26 2022-06-17 哈尔滨工业大学 Information physical system safety control method based on deep reinforcement learning
CN114070635A (en) * 2021-11-22 2022-02-18 深圳大学 SHDOS data processing, model training method, equipment and storage medium
CN114298397A (en) * 2021-12-24 2022-04-08 苏州科技大学 Deep reinforcement learning building energy consumption prediction method using time sequence data
CN114528547B (en) * 2022-01-17 2024-09-13 中南大学 ICPS unsupervised online attack detection method and device based on community feature selection
CN114095284B (en) * 2022-01-24 2022-04-15 军事科学院系统工程研究院网络信息研究所 Intelligent traffic scheduling protection method and system
CN114760098A (en) * 2022-03-16 2022-07-15 南京邮电大学 CNN-GRU-based power grid false data injection detection method and device
CN114692148B (en) * 2022-03-31 2024-04-26 中国舰船研究设计中心 A malicious code detection method based on machine learning
CN115018662B (en) * 2022-06-10 2025-05-23 扬州大学 A multi-source localization method based on deep learning
CN115278682B (en) * 2022-07-04 2024-08-09 北京科技大学 A method and device for security control of information-physical system under malicious attacks
CN115189939A (en) * 2022-07-08 2022-10-14 国网甘肃省电力公司信息通信公司 HMM model-based power grid network intrusion detection method and system
CN115618970A (en) * 2022-08-22 2023-01-17 西安电子科技大学 Antagonistic attack method aiming at symbol statistic filtering in horizontal federated learning
CN115996135B (en) * 2022-09-09 2024-03-12 重庆邮电大学 Industrial Internet malicious behavior real-time detection method based on feature combination optimization
CN115801471B (en) * 2023-02-10 2023-04-28 江西和盾技术股份有限公司 Network security data processing method based on big data processing
CN116738339A (en) * 2023-06-09 2023-09-12 北京航空航天大学 Multi-classification deep learning recognition detection method for small-sample electric signals
CN118827113B (en) * 2024-01-02 2025-11-28 中国移动通信集团辽宁有限公司 Method for generating model and method and device for detecting malicious data attack behaviors
CN117834302B (en) * 2024-03-05 2024-07-05 东北大学 A CAN bus attack detection method based on Mahalanobis distance OOD score
CN118133146B (en) * 2024-05-10 2024-07-16 国网江西省电力有限公司南昌供电分公司 Artificial intelligence-based risk intrusion recognition method for Internet of things
CN118916806B (en) * 2024-07-11 2025-08-01 青岛理工大学 FDI attack detection method for wind power prediction
CN118555153B (en) * 2024-07-29 2024-09-24 杭州海康威视数字技术股份有限公司 Internet of things unknown attack method and system based on operation mode fusion measurement
CN119071023B (en) * 2024-08-02 2025-08-22 清华大学 A method and device for detecting malicious traffic and countering attacks
CN119475341B (en) * 2024-11-25 2025-05-02 内蒙古工业大学 Unknown threat detection method, device and computer equipment based on decoupled representation learning
CN119323234B (en) * 2024-12-19 2025-03-21 安徽大学 A node injection attack method and device based on target subgraph partitioning
CN119544378A (en) * 2024-12-31 2025-02-28 深圳市东美通科技有限公司 Network defense method, device, equipment and medium based on unknown attack detection
CN119814460B (en) * 2025-01-08 2025-10-03 西安理工大学 C3-level train control system network malicious traffic detection method based on robust self-encoder

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050228666A1 (en) * 2001-05-08 2005-10-13 Xiaoxing Liu Method, apparatus, and system for building context dependent models for a large vocabulary continuous speech recognition (lvcsr) system
CN101582813A (en) 2009-06-26 2009-11-18 西安电子科技大学 Distributed migration network learning-based intrusion detection system and method thereof
CN103778432A (en) 2014-01-08 2014-05-07 南京邮电大学 Human being and vehicle classification method based on deep belief net
CN104732237A (en) 2015-03-23 2015-06-24 江苏大学 Method for identifying false traffic information in internet of vehicles
KR101561651B1 (en) 2014-05-23 2015-11-02 서강대학교산학협력단 Interest detecting method and apparatus based feature data of voice signal using Deep Belief Network, recording medium recording program of the method
CN106453416A (en) 2016-12-01 2017-02-22 广东技术师范学院 Detection method of distributed attack intrusion based on deep belief network
CN106656981A (en) 2016-10-21 2017-05-10 东软集团股份有限公司 Network intrusion detection method and device
CN106769048A (en) 2017-01-17 2017-05-31 苏州大学 Adaptive deep confidence network bearing fault diagnosis method based on Nesterov momentum method
CN106911669A (en) 2017-01-10 2017-06-30 浙江工商大学 A kind of DDOS detection methods based on deep learning
CN107256393A (en) 2017-06-05 2017-10-17 四川大学 The feature extraction and state recognition of one-dimensional physiological signal based on deep learning
US20190138731A1 (en) * 2016-04-22 2019-05-09 Lin Tan Method for determining defects and vulnerabilities in software code
US20190215330A1 (en) * 2018-01-07 2019-07-11 Microsoft Technology Licensing, Llc Detecting attacks on web applications using server logs

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050228666A1 (en) * 2001-05-08 2005-10-13 Xiaoxing Liu Method, apparatus, and system for building context dependent models for a large vocabulary continuous speech recognition (lvcsr) system
CN101582813A (en) 2009-06-26 2009-11-18 西安电子科技大学 Distributed migration network learning-based intrusion detection system and method thereof
CN103778432A (en) 2014-01-08 2014-05-07 南京邮电大学 Human being and vehicle classification method based on deep belief net
KR101561651B1 (en) 2014-05-23 2015-11-02 서강대학교산학협력단 Interest detecting method and apparatus based feature data of voice signal using Deep Belief Network, recording medium recording program of the method
CN104732237A (en) 2015-03-23 2015-06-24 江苏大学 Method for identifying false traffic information in internet of vehicles
US20190138731A1 (en) * 2016-04-22 2019-05-09 Lin Tan Method for determining defects and vulnerabilities in software code
CN106656981A (en) 2016-10-21 2017-05-10 东软集团股份有限公司 Network intrusion detection method and device
CN106453416A (en) 2016-12-01 2017-02-22 广东技术师范学院 Detection method of distributed attack intrusion based on deep belief network
CN106911669A (en) 2017-01-10 2017-06-30 浙江工商大学 A kind of DDOS detection methods based on deep learning
CN106769048A (en) 2017-01-17 2017-05-31 苏州大学 Adaptive deep confidence network bearing fault diagnosis method based on Nesterov momentum method
CN107256393A (en) 2017-06-05 2017-10-17 四川大学 The feature extraction and state recognition of one-dimensional physiological signal based on deep learning
US20190215330A1 (en) * 2018-01-07 2019-07-11 Microsoft Technology Licensing, Llc Detecting attacks on web applications using server logs

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11930030B1 (en) * 2022-07-15 2024-03-12 HiddenLayer Inc. Detecting and responding to malicious acts directed towards machine learning models
US20240080333A1 (en) * 2022-07-15 2024-03-07 HiddenLayer Inc. Detecting and Responding to Malicious Acts Directed Towards Machine Learning Models
US12314380B2 (en) 2023-02-23 2025-05-27 HiddenLayer, Inc. Scanning and detecting threats in machine learning models
US12475215B2 (en) 2024-01-31 2025-11-18 HiddenLayer, Inc. Generative artificial intelligence model protection using output blocklist
US12248883B1 (en) 2024-03-14 2025-03-11 HiddenLayer, Inc. Generative artificial intelligence model prompt injection classifier
US12105844B1 (en) 2024-03-29 2024-10-01 HiddenLayer, Inc. Selective redaction of personally identifiable information in generative artificial intelligence model outputs
US12130943B1 (en) 2024-03-29 2024-10-29 HiddenLayer, Inc. Generative artificial intelligence model personally identifiable information detection and protection
US12107885B1 (en) 2024-04-26 2024-10-01 HiddenLayer, Inc. Prompt injection classifier using intermediate results
US12111926B1 (en) 2024-05-20 2024-10-08 HiddenLayer, Inc. Generative artificial intelligence model output obfuscation
US12174954B1 (en) 2024-05-23 2024-12-24 HiddenLayer, Inc. Generative AI model information leakage prevention
US12130917B1 (en) 2024-05-28 2024-10-29 HiddenLayer, Inc. GenAI prompt injection classifier training using prompt attack structures
US12229265B1 (en) 2024-08-01 2025-02-18 HiddenLayer, Inc. Generative AI model protection using sidecars
US12293277B1 (en) 2024-08-01 2025-05-06 HiddenLayer, Inc. Multimodal generative AI model protection using sequential sidecars
US12549598B2 (en) 2024-08-21 2026-02-10 HiddenLayer, Inc. Defense of multimodal machine learning models via activation analysis
US12328331B1 (en) 2025-02-04 2025-06-10 HiddenLayer, Inc. Detection of privacy attacks on machine learning models
US12505648B1 (en) 2025-07-07 2025-12-23 HiddenLayer, Inc. Multimodal AI model protection using embeddings

Also Published As

Publication number Publication date
WO2019144521A1 (en) 2019-08-01
US20200106788A1 (en) 2020-04-02
CN108040073A (en) 2018-05-15

Similar Documents

Publication Publication Date Title
US11777957B2 (en) Method for detecting malicious attacks based on deep learning in traffic cyber physical system
CN109698836B (en) A wireless local area network intrusion detection method and system based on deep learning
CN111585948B (en) Intelligent network security situation prediction method based on power grid big data
CN108768986B (en) Encrypted traffic classification method, server and computer readable storage medium
CN112104525B (en) DNP3 Protocol Fuzzing Method Based on Sequence Generative Adversarial Network
CN105703963B (en) Industrial control system communication behavior method for detecting abnormality based on PSO OCSVM
CN110719275B (en) Method for detecting power terminal vulnerability attack based on message characteristics
CN111756719A (en) A DDoS attack detection method combining SVM and optimized LSTM model under SDN network architecture
CN110166454B (en) Mixed feature selection intrusion detection method based on adaptive genetic algorithm
CN109902740B (en) Re-learning industrial control intrusion detection method based on multi-algorithm fusion parallelism
CN115622806B (en) Network intrusion detection method based on BERT-CGAN
CN105471882A (en) Behavior characteristics-based network attack detection method and device
CN108322445A (en) A kind of network inbreak detection method based on transfer learning and integrated study
CN114372530A (en) Abnormal flow detection method and system based on deep self-coding convolutional network
CN114064471A (en) An Ethernet/IP Protocol Fuzzing Method Based on Generative Adversarial Networks
CN110535878A (en) A kind of threat detection method based on sequence of events
CN116192523A (en) Industrial control abnormal flow monitoring method and system based on neural network
CN106878307A (en) An Unknown Communication Protocol Identification Method Based on Bit Error Rate Model
CN117768161B (en) Intelligent DDoS attack detection method, equipment and system
CN117240524B (en) A hybrid model-based intrusion detection method and system for the Internet of Things
CN112887325A (en) Telecommunication network fraud crime fraud identification method based on network flow
CN116599694A (en) Botnet detection method based on CNN and LSTM-DAE
CN110868404A (en) Industrial control equipment automatic identification method based on TCP/IP fingerprint
CN112637165B (en) Model training method, network attack detection method, device, equipment and medium
CN113542222A (en) Zero-day multi-step threat identification method based on dual-domain VAE

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

AS Assignment

Owner name: HANGZHOU DIANZI UNIVERSITY, CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHEN, YUANFANG;WU, TING;YUE, HENGLI;AND OTHERS;REEL/FRAME:063952/0390

Effective date: 20230614

STPP Information on status: patent application and granting procedure in general

Free format text: AWAITING TC RESP, ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE